Commit bcdef58e authored by João Lino's avatar João Lino

Remove secrets and make a smarter startup script.

parent 692c2a2b
#!/bin/sh #!/bin/sh
__is_pod_ready() { __is_pod_ready() {
POD_STATUS="False" POD_STATUS="False"
while [ "$POD_STATUS" != "True" ]; while [ "$POD_STATUS" != "True" ];
do do
...@@ -11,16 +10,36 @@ __is_pod_ready() { ...@@ -11,16 +10,36 @@ __is_pod_ready() {
done done
} }
# install jenkins __expose_pod() {
helm install -f values.yaml --namespace demo-infra --kubeconfig ~/.kube/config demo-infra-jenkins stable/jenkins # kill any previous proxy
kill $(ps aux | grep '8180[:]8080' | awk '{print $2}')
# print admin password
export JENKINS_PASS=$(kubectl get secret --namespace demo-infra demo-infra-jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode)
echo "HOST: http://192.168.1.194:8180 USERNAME: admin PASSWORD: $JENKINS_PASS"
# expose
export POD_NAME=$(kubectl get pods --namespace demo-infra -l "app.kubernetes.io/component=jenkins-master" -l "app.kubernetes.io/instance=demo-infra-jenkins" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace demo-infra port-forward $POD_NAME 8180:8080 --address 0.0.0.0 &
}
POD_STATUS=$(kubectl get pods --namespace demo-infra -l "app.kubernetes.io/component=jenkins-master" -l "app.kubernetes.io/instance=demo-infra-jenkins" -o jsonpath='{..status.conditions[?(@.type=="Ready")].status}')
if [ "$POD_STATUS" = 'True' ]; then
echo "pod already installed, exposing it..."
# create proxy into the pod
__expose_pod
else
echo "pod missing, installing it..."
# install nexus
helm install -f values.yaml --namespace demo-infra --kubeconfig ~/.kube/config demo-infra-jenkins ./
# wait for it to become ready # wait for it to become ready
__is_pod_ready __is_pod_ready
# print admin password # create proxy into the pod
export JENKINS_PASS=$(kubectl get secret --namespace demo-infra demo-infra-jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode) __expose_pod
echo "HOST: http://192.168.1.194:8180 USERNAME: admin PASSWORD: $JENKINS_PASS"
# expose fi
export POD_NAME=$(kubectl get pods --namespace demo-infra -l "app.kubernetes.io/component=jenkins-master" -l "app.kubernetes.io/instance=demo-infra-jenkins" -o jsonpath="{.items[0].metadata.name}")
kubectl --namespace demo-infra port-forward $POD_NAME 8180:8080 --address 0.0.0.0 &
apiVersion: v1
kind: Secret
metadata:
name: jenkins-credentials
data:
credentials.xml: PD94bWwgdmVyc2lvbj0nMS4xJyBlbmNvZGluZz0nVVRGLTgnPz4KPGNvbS5jbG91ZGJlZXMucGx1Z2lucy5jcmVkZW50aWFscy5TeXN0ZW1DcmVkZW50aWFsc1Byb3ZpZGVyIHBsdWdpbj0iY3JlZGVudGlhbHNAMi4zLjciPgogIDxkb21haW5DcmVkZW50aWFsc01hcCBjbGFzcz0iaHVkc29uLnV0aWwuQ29weU9uV3JpdGVNYXAkSGFzaCI+CiAgICA8ZW50cnk+CiAgICAgIDxjb20uY2xvdWRiZWVzLnBsdWdpbnMuY3JlZGVudGlhbHMuZG9tYWlucy5Eb21haW4+CiAgICAgICAgPHNwZWNpZmljYXRpb25zLz4KICAgICAgPC9jb20uY2xvdWRiZWVzLnBsdWdpbnMuY3JlZGVudGlhbHMuZG9tYWlucy5Eb21haW4+CiAgICAgIDxqYXZhLnV0aWwuY29uY3VycmVudC5Db3B5T25Xcml0ZUFycmF5TGlzdD4KICAgICAgICA8aW8uamVua2lucy5wbHVnaW5zLmdpdGxhYnNlcnZlcmNvbmZpZy5jcmVkZW50aWFscy5QZXJzb25hbEFjY2Vzc1Rva2VuSW1wbCBwbHVnaW49ImdpdGxhYi1icmFuY2gtc291cmNlQDEuNC42Ij4KICAgICAgICAgIDxzY29wZT5HTE9CQUw8L3Njb3BlPgogICAgICAgICAgPGlkPnNlcnZpY2UtY29uZmlnLXRva2VuPC9pZD4KICAgICAgICAgIDxkZXNjcmlwdGlvbj5UaGUgdXNlciB0aGF0IG1hbmFnZXIgdGhlIGdpdGxhYiBpbnRlZ3JhdGlvbiBmb3IgQ0kvQ0QgcHJvamVjdHMuPC9kZXNjcmlwdGlvbj4KICAgICAgICAgIDx0b2tlbj57QVFBQUFCQUFBQUFnbC9ldnBFY2pzcnRpclZ4YkVNZXp1NlQrV0tJcnFPcUlqV2IwZXRXWDJOdmo5VTExWXZrd2hyN0NiM2lMK0UxbH08L3Rva2VuPgogICAgICAgIDwvaW8uamVua2lucy5wbHVnaW5zLmdpdGxhYnNlcnZlcmNvbmZpZy5jcmVkZW50aWFscy5QZXJzb25hbEFjY2Vzc1Rva2VuSW1wbD4KICAgICAgPC9qYXZhLnV0aWwuY29uY3VycmVudC5Db3B5T25Xcml0ZUFycmF5TGlzdD4KICAgIDwvZW50cnk+CiAgPC9kb21haW5DcmVkZW50aWFsc01hcD4KPC9jb20uY2xvdWRiZWVzLnBsdWdpbnMuY3JlZGVudGlhbHMuU3lzdGVtQ3JlZGVudGlhbHNQcm92aWRlcj4=
\ No newline at end of file
apiVersion: v1
kind: Secret
metadata:
name: jenkins-secrets
data:
master.key: YTdhMjQyMTZiMWUxZTdjMDNkNDhiMGEyYmI2OWFhYjMzNDcyNjlmZmUzYWU0MjYwZjhmMTY5ZTZkMjFjNjhiMWVmMmVlYjhhMjAxNGUyN2U0ZjExNDMxY2IwNDA1ZTQ3NjFhNmJmNjg3YTVhNDRlNjU2YTdkYTQ5ZTk5Y2E4NjlhMzZhZjIxMjE4NmMzNGY5NDEzOWZjODQ2NTU5NzkyNTdkY2IxODY2MmFiOTcyMGE4YmQyYmEzN2QyOThiMzU1NGZkNDU4MjFkZDM1ZmQyYTg1Y2U1MzI2OTQ1ZDM0OThmY2IxYjk1YWNlODNhMWRhYmY0ZjI0NTUyNWJhYTUzMg==
hudson.util.Secret: +z3+/YnKuRQBoGObj6Dg4MW6Csz/M5Hw2NMmHX1BnOSvSel+cyn7AEtxXBNOiJtkqjEuUm4MHo/BuuQ3aWSeuDAIoHvZWZqIctk8D7/azrkjt0hnAPdnrLAwDX4mhNT3yZAbssx/YzjzIPkHVdgHcGyL9TdBdkrbbyEZZEFBBWuD8C71cLyidfK/571/qtNBO2mLllh9JReL12EKVLZz3fvnlgC/D2IrCvlb4Y9xYvKYw2+FL98cweOBQV57SvN7XkHvSFdaAejsT5UOIkcU8dKBnVyfHM7qxcjXnX+ZyEiX6LuRoKcYKXfD2V4jddd9vsWyBAi+vx/oiiBXbr/W2bxESlEplV2bvdxCkttxl6c=
\ No newline at end of file
...@@ -235,11 +235,11 @@ master: ...@@ -235,11 +235,11 @@ master:
# - | # - |
# print 'adding global pipeline libraries, register properties, bootstrap jobs...' # print 'adding global pipeline libraries, register properties, bootstrap jobs...'
# Kubernetes secret that contains a 'credentials.xml' for Jenkins # Kubernetes secret that contains a 'credentials.xml' for Jenkins
credentialsXmlSecret: jenkins-credentials #credentialsXmlSecret: jenkins-credentials
# Kubernetes secret that contains files to be put in the Jenkins 'secrets' directory, # Kubernetes secret that contains files to be put in the Jenkins 'secrets' directory,
# useful to manage encryption keys used for credentials.xml for instance (such as # useful to manage encryption keys used for credentials.xml for instance (such as
# master.key and hudson.util.Secret) # master.key and hudson.util.Secret)
secretsFilesSecret: jenkins-secrets #secretsFilesSecret: jenkins-secrets
# Jenkins XML job configs to provision # Jenkins XML job configs to provision
jobs: jobs:
# test: |- # test: |-
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment